From 859076fda8630a5f094725dafe9ed6846a2bb1ab Mon Sep 17 00:00:00 2001
From: Colin Kuskie <colink@perldreamer.com>
Date: Tue, 19 Oct 2010 11:41:40 -0700
Subject: [PATCH] Group To Post is now not sufficient to view a CS.  Fixes bug
 #11916.

---
 docs/changelog/7.x.x.txt                  |  1 +
 docs/gotcha.txt                           |  8 ++++++++
 lib/WebGUI/Asset/Wobject/Collaboration.pm | 19 -------------------
 3 files changed, 9 insertions(+), 19 deletions(-)

diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index c41c4afb2..b0bc4b9c5 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -13,6 +13,7 @@
  - fixed #11902: forums bug
  - fixed #11912: Corrupt cookie causes server 500 errors
  - fixed #11919: Survey rendering with section text
+ - fixed #11916: Collaboration System security
 
 7.10.2
  - fixed #11884: Editing Templates impossible / Code editor not loaded
diff --git a/docs/gotcha.txt b/docs/gotcha.txt
index 25f6e89cd..2bde77c2e 100644
--- a/docs/gotcha.txt
+++ b/docs/gotcha.txt
@@ -7,6 +7,14 @@ upgrading from one version to the next, or even between multiple
 versions. Be sure to heed the warnings contained herein as they will
 save you many hours of grief.
 
+7.10.3
+--------------------------------------------------------------------
+     * In the Collaboration System, previously the Group to Post group
+       was also allowed to view the CS.  This made it difficult to
+       make the CS not viewable to regular users, so the behavior was
+       removed in 7.10.3.  If your site depended on the Group To Post being
+       able to view the CS, then make the it a sub-group of Group To View.
+
 7.10.2
 --------------------------------------------------------------------
      * The URL used by Display Message on Login always returns the user to 
diff --git a/lib/WebGUI/Asset/Wobject/Collaboration.pm b/lib/WebGUI/Asset/Wobject/Collaboration.pm
index 78ff78a20..555c51da8 100644
--- a/lib/WebGUI/Asset/Wobject/Collaboration.pm
+++ b/lib/WebGUI/Asset/Wobject/Collaboration.pm
@@ -397,25 +397,6 @@ sub canStartThread {
 }
 
 
-#-------------------------------------------------------------------
-
-=head2 canView ( [ $userId ] )
-
-Extends the base method to also allow users who canPost to the CS.
-
-=head3 $userId
-
-A userId to check for edit permissions. If $userId is false, then it checks
-the current session user.
-
-=cut
-
-sub canView {
-	my $self = shift;
-        my $userId  = shift     || $self->session->user->userId;
-	return $self->next::method( $userId ) || $self->canPost( $userId );
-}
-
 #-------------------------------------------------------------------
 
 =head2 commit